Online Signing of Negative and Wildcard Responses
draft-gieben-bert-response-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Author | Miek Gieben | ||
| Last updated | 2004-11-17 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This draft contains a number of loose ends and does not include any text on any (known) corner cases. Its primary goal is to document the choices the DNSEXT working group has on the subject of fixing the NSEC enumeration in DNSSEC. If at any point in time the working group feels this idea needs further work, this draft will be updated. DNSSECbis [RFC LIST] allow for zone enumeration by walking NSEC chains. It also has a large impact on the zone size at the initial deployment stage. This draft proposes a method to address these issues by the use of online signing of negative and wildcard responses.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)